Similar to how we track the Irish companies that have been caught or have admitted overcharging their customers, we’ll track on this page the Irish companies who are careless with their customers personal data. 2007 and 2008 have seen a growing number of incidences (or reporting of historical incidences) of companies losing laptops, disks and USB sticks, all containing the personal data of their customers.

Organisations Responsible: 10

Incidences Involved: 16

Irish Consumers Impacted: 746,900 (est.)

National Gallery of Ireland – A MAJOR industrial relations row has broken out at the National Gallery in Dublin after a secret camera was installed in a staff locker area. The camera was found three months after it was first covertly installed, disguised as a motion sensor in a wall. The hidden device was found when one member of staff investigated the sensor and traced wiring from it back to a video recorder.

HSE – Kerry General Hospital – CATERING staff were able to access confidential patient information held on a €60m HSE record system which is being rolled out across the country. Workers in Kerry General Hospital were able to access information including the patient’s name, address, admission, discharge date and doctor information, an internal audit of the system last year found. And the audit warned of five “high-level” security risks in the Integrated Patient Management System (IPMS) which is used by 10 acute hospitals and 20 HSE centres.

Budget Travel (Liquidators), February 2010 – Gardaí are investigating the theft of a memory stick containing personal details of tens of thousands of customers of Budget Travel, which went into liquidation last November. It is understood that more than 90,000 customers may be affected. The information had been stored on the memory stick as part of the transfer of business from Budget Travel, which is being bought by Club Travel.

Bord Gais Energy Supply, June 2009 – Some 75,000 Bord Gais customers have been warned to monitor their bank accounts for suspicious transactions after a laptop computer containing their account details was stolen. Four laptops were stolen from Bord Gáis offices on Foley St in Dublin’s north inner city in the early hours of June 5th. One of the computers, containing the banking details of around 75,000 people, was not encrypted.

Airtricity, November 2008 - Revealed in January 2009, Airtricity have confirmed that they inadvertently made available on their website the personal and financial details of 1200 of their customers who’d signed up online for their electricty service. Apparently, the incident actually happened in November, but wasn’t noticed until January.

Health Services Executive (Donegal), January 2009 – The HEALTH Service Executive (HSE) has begun an investigation into how confidential medical notes from 16 patients treated at a Donegal hospital came to be dumped in an alleyway in Derry. The notes from Letterkenny General Hospital were found on Thursday off Gartan Square in the Bogside area of Derry by a local resident. They contained the names, dates of birth and medical conditions of 16 patients.

Bank of Ireland (November 2008) – THE PERSONAL details of close to a thousand Bank of Ireland customers have gone missing after an employee wrongfully copied them on to a computer memory device which was subsequently lost, the bank confirmed last night. Most of the 894 customers affected have already been contacted by the bank, she said. They are customers from across the country, including commercial, personal, pension, life insurance and mortgage-holders.

Health Services Executive (September 2008) -The Office of the Data Protection Commissioner said it is surprised that people still carry around laptops with sensitive information, which is not encrypted. The Office said it was informed by the Health Service Executive on Thursday about the theft of a laptop, a BlackBerry and a data disk from the home of a staff member the previous day. The laptop and disk contained personal information gathered for a survey on the provision of the influenza vaccine to 1,150 healthcare workers in Autumn 2007.

Department of Social and Family Affairs (September 2008) - A CIVIL servant who improperly printed out personal information stored on a government database and then lost the documents in a bookstore has had no sanctions imposed on her. The government worker did not even realise the documents were missing until they were posted back to her by store managers, the Irish Independent has learned.The documents — which were found in the store on September 15 last year — also contained personal items belonging to the female worker, which allowed Eason’s management to identify her and return the papers to here. But she did not even remember losing the items.

Comptroller and Auditor General (August 2008) – The Office of the Data Protection Commissioner has confirmed that it is investigating the loss of a laptop from the Office of the Comptroller and Auditor General. RTÉ News understands that the laptop, which contained personal information including details about IDA companies in Ireland, went missing at a bus stop.

Comptroller and Auditor General (August 2008) – The personal information of 380,000 social welfare recipients has been lost in what the Data Protection Commissioner described as a ‘serious incident’. The information was contained on a laptop stolen from the Office of the Comptroller and Auditor General in April 2007. The data related mostly to the records of pensioners receiving benefits in 2005.

Health Services Executive (May 2008) – The Health Service Executive has said it does not know how many confidential medical files have been dumped in fields in Co Cork, or how they got there. The confidential files were discovered in a landfill site earlier this week near the village of Glounthaune near Cork city. The files contain detailed medical histories of people who were treated at Cork Regional Hospital, the hospital now known as Cork University Hospital, and at St Finbarr’s Hospital in the city.
Data includes the names, addresses, dates of birth and medical conditions of patients treated in the 1970s and early 1980s.

Bank of Ireland Life (April 2008) – The Data Protection Commissioner has told RTE News he is investigating the theft of four laptops from Bank of Ireland’s life assurance division. The records of 10,000 customers on the computers included credit history, some medical backgrounds for life insurance quotes, personal pension plan details, dates of birth, addresses and bank account details. All the material was contained on the four laptops stolen between June and October 2007.

Bank of Ireland (November 2007) -Bank of Ireland has admitted to inadvertently sending out either out-of-date or incorrect statements to 600 of its customers, following a computer error. Some of the statements contained incorrect details about payments that customers are said to have made last year. A bank spokesman said the error was due to the installation of new computer software that came into effect this week.

Allied Irish Banks (November 2007) - AIB has apologised after 15,000 payment advice slips with bank account details and home addresses were sent to the wrong customers. A spokesperson for the bank said that a computer error had caused the receipts, which acknowledge foreign currency lodgements, to be sent to the wrong addresses. The bank says it sincerely regrets what has happened and that it has informed the Data Protection Commissioner.

Irish Blood Transfusion Service (February 2008) - A computer containing over 171,000 confidential blood donor records and other files from the Irish Blood Transfusion Service has been stolen. The data, which the Blood Service says was securely encrypted, was given to the New York Blood centre in December on a computer disk. It was part of a software upgrading programme for the Irish Service.